There’s only a few days left for this years BSidesROC on 5/12/12. “Rochester’s first and only hacker con”. << Do you know why we say that? Not because we’re the only computer security conference, and not because we think other security conferences suck (well some do), but it’s because an info sec event is not the same as a hacker con. I’m talking about Rochester Security Summit for example. It’s been going on for years run by the local ISSA chapter and they do a good job. It is a corporate crowd. You expect that when you pay a certain amount of money that there’s a certain level of professionalism. And the people that attend are info sec professionals. A hacker con on the other hand…

Con != Conference

“Con” used to stand for “conference” , and it literally still does but it’s also a reference to the “con” community. Defcon, Shmoocon, Comicon, (FurryCon?). Each of these are conferences but there’s something else to it. Different. If you’ve been to Defcon or Shmoocon, your expectation is to have a ton of fun, meet cool people, and take part in fun activities with such people. In some ways, it’s much more of an intense experience because you’re not walking in with your button down shirts enjoying a coffee while you sit at the white circle table that hotels always have. That would be a conference. At Defcon you’re walking in with a black shirt ready to be punched in the face by awesomeness. You may look around and notice a lot of younger people but it’s not that the crowd is necessarily young; it’s the ideas and the passion usually associated with young people. And that’s what it comes down to in con versus a conference; passion. These people want to be here, they’re not being forced by their employers. They want to see what’s happening in a community.

Hacker != Infosec

Hacker: That scary word that Rochester is learning to accept. Slowly. You know the word, and the politics behind it. But I think there’s a big difference between hacker and infosec, both in how they act and the way they think. Hacker and infosec have an overlap of course, but a hacker refers to someone with a passion to learn about security. Infosec on the other hand is a job position or career path. It’s business driven, professional, and pretty easy to define. By day, I am an Information Security professional and I attempt to be professional and goal oriented when it comes to my job. At night, I’m a hacker that wants to learn things related to security whether or not they benefit my career.

Y U SO Pedantic

The point is to show that BSidesROC is a different beast than any of the other conferences in Rochester. Maybe it’s not better if you enjoy professional cons. But definitely better if you have a passion for security and don’t take life too seriously. And if you don’t like paying for things. It’s also a warning for those people expecting to walk into a comfortable sit-in-your-seat-and-listen event. Because this is not it. If you haven’t been to a hacker con, I strongly recommend that you come to this one if for nothing else, to see what a hacker con is like.

By the end of the week, I’ll include some details about what’s happening at BSidesROC.